You could implement a filter that checked the time since last visit, and if the session had expired according to your custom rule, invalidate the session and redirect to appropriate page such as login. You'd have to make sure that the "default" session time set in server.xml was longer than the max session time you wanted in your custom method, otherwise the browser would time out the session for you if based on cookies.
I haven't used Filters, but as far as I understand the principles, I don't think a redirect from within the filter code would upset anything. I think you can break out of the filter chain like this without problems. > -----Original Message----- > From: Marc Vaillancourt [mailto:[EMAIL PROTECTED] > Sent: Thursday 26 May 2005 17:29 > To: tomcat-user@jakarta.apache.org > Subject: Implementing custom session expiration rule > > > I have a requirement to implement different session timeout values for > different user roles. What would be the most straightforward way to > accomplish this? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]